Privacy policy

Apify Technologies s.r.o. with its registered seat at Štěpánská 704/61, 110 00 Prague 1,
Czech Republic, Company reg. no. 04788290, recorded in the
Commercial Register kept by the Municipal Court of Prague, File No.: C 253224
(hereinafter referred to as “we”, “us”, “our”, the “Provider” or “Apify”)
welcomes you (hereinafter referred to as “you” or the “User”) on our website
apify.com (hereinafter referred to as the “Website“).

This Privacy Policy (hereinafter referred to as the “Policy” or “Privacy
Policy”) describes the types of information we gather from people visiting
our Website and/or using our Platform and Services. Terms starting with a capital
letter used in this Policy have the meaning defined in our Terms and Conditions
of Use (hereinafter referred to as the “Terms”). By accessing the Website,
Platform or using our Services, you agree to adhere to this Policy. If you do
not agree to the terms of this Policy, please do not use the Website, Platform
or any of our Services. Each time you use the Website, Platform or our Services,
the current version of the Privacy Policy will apply.

General Principles

Personal Data

Processing personal data in a secure, fair, and transparent way is extremely
important to us at Apify. We process personal data in accordance with the
European Union’s General Data Protection Regulation (“GDPR”) and best industry
standards. This Policy uses the following definitions regarding your personal
data:

“Data Subjects” refers to those individuals residing in the European
Union who are our Users or personnel.

“Personal Data” is given the same meaning as in the GDPR, i.e. any
data relating directly or indirectly to an identifiable data subject.
Personal data does not include any data that is anonymized, aggregated,
de-identified and/or compiled on a generic basis and which does not name or
identify a specific individual, directly or indirectly.

“Processing” is given the same meaning as in the GDPR, such as
collecting, recording, using, storing, amending, adapting, disclosing,
transferring or transmitting, structuring, using, combining, deleting or
destroying personal data”

“Controller” is given the same meaning as in the GDPR, i.e. a party
that determines the purposes and means of the processing of personal data;
Apify is the controller with respect to your personal data.

“Processor” is the party that processes personal data on behalf of
the controller; Apify is the processor of your personal data.

“Incident” means: (a) a complaint or a request with respect to the
exercise of an individual’s rights under the GDPR; (b) an investigation into
or seizure of the personal data by government officials, or a specific
indication that such an investigation or seizure is imminent; or (c) any
breach of the security and/or confidentiality as set out in this Policy
leading to the accidental or unlawful destruction, loss, alteration,
unauthorized disclosure of, or access to, the personal data, or any
indication of such breach having taken place or being about to take place.

Apify collects personal data that is voluntarily provided when a User on our
Website creates an account or logs into their account. Specifically, when you
sign up for an account, we ask you for your name, email address, username, short
bio, homepage URL, GitHub username, Twitter username, profile picture, business
information, billing information and payment information. This information is
used to assist us in helping you select the appropriate service package, to
allow you to authenticate to the Website (Platform), to send you e-mail
notifications, Apify’s newsletters or other marketing materials. Some of the
information might be displayed publicly on a public profile page upon your consent
and only to the extent approved by you. Apify also collects and stores
information about our user’s use of the Website, Platform and our Services,
including page scraping activities, so that information gathered by a user
through our Website or Services can be served up each time a user logs in to the
Website.

Apify will process User’s personal data only to the extent strictly necessary
for the purpose of using the Website, Platform and/or providing Services in
accordance with the Terms and this Policy and any further written instructions
from the User that are mutually agreed upon in writing. Apify agrees that:

it will implement and maintain a reasonable and appropriate security program
comprising adequate security, technical and organizational measures to
protect against unauthorized, unlawful or accidental processing, use,
erasure, loss or destruction of, or damage to, User’s personal data;

it will not modify, alter, delete, publish or disclose any User personal
data to any third party, nor allow any third party to process such personal
data on Apify’s behalf unless the third party is bound to similar
confidentiality and data handling provisions;

only its personnel, contractors or third party providers who “need-to-know”
will be given access to User personal data to the extent necessary to
perform its obligations under the Terms. It shall provide adequate training
to its staff and ensure that they comply with the obligations in this
Policy; and

it will only process User personal data to the extent necessary to perform
its obligations under the Terms, upon written instructions of the User (only
as mutually agreed upon), and in accordance with applicable laws.

Upon your request or termination of your user account, Apify will delete,
destroy, or anonymize the personal data in accordance with our standard backup
and retention Policy (no later than 60 days), unless we have terminated your
account for violation of the Terms or in other cases foreseen by GDPR and
applicable regulation in which we are not obliged to delete, destroy or
anonymize your personal data.

The parties acknowledge that User may from time to time be in possession of
personal data relating to Apify’s personnel. Apify warrants that it has provided
all necessary notifications and obtained all necessary consents, authorizations,
approvals and/or agreements as required under any applicable law in order to
enable: (i) the disclosure of Apify’s personal data to User; and (ii) further
processing of such Apify personal data by User.

User’s Obligations

By accepting this Policy, the User warrants that it has all necessary rights to
provide to Apify the personal data for processing in connection with the
provision of the services by Apify. To the extent required by applicable law,
the User is responsible for ensuring that any data subject consents that may be
necessary to this processing are obtained, and for ensuring that a record of
such consents is maintained, including any consent to use personal data that is
obtained from third parties. Should such consent be revoked by a data subject,
the User is responsible for communicating the fact of such revocation to Apify, and
Apify remains responsible for implementing any User instruction with respect to
the further processing of that personal data, or, as may be in accordance with
any of Apify’s legal obligations.

Apify shall assist the User by implementing appropriate technical and
organizational measures, insofar as this is reasonably and commercially possible
(in Apify’s sole determination and discretion), in fulfilling the User’s obligations
to respond to individuals’ requests to exercise rights under the GDPR.

Incident Management

When either party becomes aware of an incident that impacts the processing of
personal data, it shall promptly notify the other about the incident and shall
reasonably cooperate in order to enable the other party to perform a thorough
investigation into the incident, to formulate a correct response, and to take
suitable further steps in respect of the incident.

Both parties shall at all times have in place written procedures which enable
them to promptly respond to the other about an incident. Where the incident is
reasonably likely to require a data breach notification under applicable laws,
the party responsible for the incident shall notify the other no later than 24
hours of having become aware of such an incident.

Any notifications made under this section shall be made to support@apify.com
(when made to Apify) and to our point of contact with you (when made to the
User), and shall contain:(i) a description of the nature of the incident,
including, where possible, the categories and approximate number of individuals
concerned and the categories and approximate number of records concerned; (ii)
the name and contact details of the point of contact where more information can
be obtained; (iii) a description of the likely consequences of the incident; and
(iv) a description of the measures taken or proposed to be taken to address the
incident including, where appropriate, measures to mitigate its possible adverse
effects.

Aggregate Information

Apify may also collect aggregate information. Aggregate information is
information about your activities on the Website and Platform or in connection
with the Services that cannot be used to identify, locate, or contact you (such
as frequency of visits to the Website, data entered when using the Website,
Website pages most frequently accessed, browser type, etc.). Aggregate
information is collected as you visit our Website (Platform) or interact with
our Services even if you do not enter any information. Generally, aggregate
information is used in a collective manner, and no single person can be
identified by that compiled information. Apify uses aggregate information to
provide its Services, as well as to determine the use of our Website (Platform)
and to monitor, audit and analyze information pertaining to our business
metrics.

We may use aggregate information to improve the Website and Services, to monitor
traffic and general usage patterns, and for other general business purposes. We
may disclose aggregate information to third parties for a variety of business
reasons, including to potential investors so that they may better understand our
user base, etc. Aggregate information will not include any personal information
and we will not disclose any personal information except as expressly stated
elsewhere in this Policy.

Cookies

When you access our Website, Platform or use our Services, we may collect
information regarding your IP address for the purposes of administering the
Website (Platform) and tracking Website (Platform) usage. However, your IP
address may vary each time you visit or it may remain the same depending on the
type of Internet connection you are using or the location from which you access
the Website (Platform).

We may also collect information about the websites that directed you to our
Website (Platform) after you clicked on a text or banner link or an ad from
another website, or the day and time you visited our Website (Platform) and how
long you spent on the Website (Platform). We aggregate such information to help
us to compile reports as to trends and other behavior about users visiting our
Website. However, such information is anonymous and cannot be tied directly to
you.

We may also use “cookies” and your personal information to enhance your
experience on the Website, Platform and with the Services and to provide you
with personalized offers. A cookie is a small data file placed on your
computer’s hard drive that contains information that allows us to track your
activity on the Website (Platform). The cookie itself does not contain any
personal information; however, if you provide us with any personal information
the cookie may act as an identifier to tie your personal information to your IP
address or computer. You may choose to delete cookies from your computer’s hard
drive at any time or to disable cookies on your computer. If you delete cookies
that relate to the Website, we may not be able to identify you upon your return
to the Website. Additionally, if you disable your computer’s cookies, you may
not be able to access certain features of the Website, Platform or Services that
require that cookies be enabled.

The Website’s (Platform’s) cookies cannot be used to read data from your hard
drive and cannot retrieve information from any other cookies created by other
websites. Additionally, our cookies cannot be used as a virus, Trojan horse,
worm, or any other malicious tool that could impair your use of your computer.
Our cookies are used to help us better understand how you and other users use
the Website (Platform) so we can continue to provide a better, more personalized
user experience on the Website. We also share website usage information about
our Website (Platform) with those interested in running targeted promotional
campaigns on the Website. For this purpose, we and our advertisers track some of
the pages that you visit on the Website through the use of pixel tags (also
called clear gifs).

Security Pertaining to Your Information

We take appropriate security measures to protect against unauthorized access to
or unauthorized alteration, disclosure or destruction of data. These include
internal reviews of our data collection, storage and processing practices and
security measures, as well as physical security measures to guard against
unauthorized access to systems where we store personal data.

We restrict access to collected information to Apify employees, service
providers and agents who need to know that information in order to operate,
develop or improve our services. These individuals are bound by confidentiality
obligations and may be subject to discipline, including termination and criminal
prosecution, if they fail to meet these obligations. We use secure socket layer
(“SSL”) technology to encrypt and protect the security of your personal
information, including but not limited to your credit card number, when it is
sent over the Internet.

Integrity of Your Data

Apify processes your information only for the purposes for which it was
collected and in accordance with this Policy. We review our data collection,
storage and processing practices to ensure that we only collect, store and
process the personal information needed to provide or improve our Services. We
take reasonable steps to ensure that the personal information we process is
accurate, complete, and current, but we depend on our users to update or correct
their personal information whenever necessary.

Children and Privacy

Our Website, Platform and Services is not directed to children and we will not
request personally identifiable information from anyone who we know to be under
the age of 18, unless we have obtained verifiable parental consent from a parent
or legal guardian. If we become aware that a user under the age of 18 has
registered with our Website, Platform or Services, provided personal
information, and Apify has not obtained prior verifiable consent from a parent
or legal guardian, we will immediately remove the user’s personal information
from our files.

Links to Other Websites

The Website (Platform) may contain links to websites operated by other people or
companies. Those websites may have their own privacy policy or no privacy policy
at all. Apify does not have any responsibility for those websites, and we
provide the links solely for the convenience of our visitors.

Business Transfers

In the event that Apify sells substantially all of its assets, or one of Apify’s
business units is acquired, personal information of Users will likely be one of
the transferred assets.

Corrections, Information Removal, Opt-out

If your name, e-mail or postal address, telephone number or other personal
information changes, you may update, correct or omit the relevant information by
contacting Apify User service at support@apify.com or by updating your personal
information on the Account settings page on the Website. If you prefer not to
receive newsletters or other marketing e-mails from Apify, please let us know by
clicking on the unsubscribe link within any newsletter or marketing e-mail you
receive. If you prefer not to receive marketing mail via the mail carrier,
please let us know by contacting User service at support@apify.com. Please note
that such requests may take up to ten (10) days to become effective.

Liability and Indemnity

Each party indemnifies the other and holds them harmless against all claims,
actions, third party claims, losses, damages and expenses incurred by the
indemnified party and arising directly or indirectly out of or in connection
with a breach of this Policy.

Final Provisions

This Policy and any other contracts and legal relationships concluded by and
between us (unless otherwise explicitly provided) shall be governed by the laws
of the Czech Republic. Any disputes arising here from between us shall be
resolved by the courts of general jurisdiction in the Czech Republic.

Should any of the provisions hereof be ascertained as invalid, ineffective or
unenforceable, upon mutual agreement such a provision shall be replaced by a
provision whose sense and purpose comes as closely as possible to the original
provision. The invalidity, ineffectiveness or unenforceability of one provision
shall not affect the validity and effectiveness of the remaining provisions
hereof.

This Policy shall come into effect when published and shall continue until it
is changed or terminated in accordance with the Terms and this Policy. We may
change this Policy at any time and without prior notice, by posting the revised
version of this Policy on our Website. Your continued use of the Website,
Platform and/or Services indicates your consent to our collection of and use of
your personal and aggregate information under the then current Policy.
Termination or expiration of this Policy shall not discharge the parties from
the confidentiality obligations herein.